Category: security

  • Circumventing web filtering software

    I was reading the Messing with Web Filtering Gateways post from GNU Citizen, and here are some comments / ideas: The problem is the impedance mismatch between the way the filtering software is parsing the headers and the way the webserver parses them. There will always be corner cases… For example, it would be interesting…

  • Loading the Meterpreter in a DLL

    After ranting about Metasploit I played around a little bit and tried out a few things, and here is part of what I found: Sometimes it may be useful to load the Meterpreter (or any payload in fact) as a DLL. Two scenarios I can think of: Software Restriction Policies (and many other whitelisting products)…

  • How permissive is the Windows autorun.inf parsing?

    While reading the F-Secure blogpost titled When is AUTORUN.INF really an AUTORUN.INF?, I was reminded of this masking technique – putting extra data between the relevant lines. But how tolerant is the autorun.inf parser (which I suppose is in fact the INI file parser) really? The example shown by F-Secure is quite mild, in the…

  • Free Microsoft e-book: Writing Secure Code for Windows Vista

    From /dev/random (where I stole the title from – because I’m a lazy bastard :-)): you can get an (electronic) copy of Writing Secure Code for Windows Vista by signing up for a free newsletter. I actually have read an older version of the book and found it very good. A large part of it…

  • “Official” DDoS tools

    There are quite a few people who perform computer attacks while claiming political reasons. The Arbor Network blog discusses a recent example: a group of people asking you to download and run their tool to “help israel” (this could maybe be called “political-engineering”, and is quite curious, because people are being told that the downloaded…

  • Enumerating objects / methods in Javascript

    I was reading the following post on the Metasploit blog: Fuzzing Flash For Fun (ASNative), which described how to use an undocumented feature of ActionScript to get the list of all functions and then fuzz them. I thought: surely, there is a simpler, documented way to do that. Now, the following code was written in…

  • 000webhost.com trying to install malware

    I needed a quick, free webhost. Incidentally (it is funny how things come together sometimes) I remembered Andreas Gohr mentioning 000webhost.com, so I decided to give it a try. Now, I knew that nothing is free, so I expected to need to insert some banner ads in the pages, however it seems that this hosting…

  • Privacy risks of signed Java applets

    Probably it is an occupational hazard, but when I listened to episode #222 of the Java Posse (1/3 of the devil :-D) and they talked about a Java applet to do screencasts, my first reaction was: is it possible to do this from an applet? Isn’t this a privacy risk? The answer is: it depends…

  • A few tips for pshtoolkit

    pshtoolkit is short for Pass The Hash Toolkit, and is a program (or rather a small collection of programs) written and released as OSS by CORE. Its basic use is to authenticate to Windows systems by passing the hash of the password – hence the name – rather than the password. Here are a couple…

  • What is an executable file anyway?

    While this seems trivial, it is a very important question you’ll have to answer if you want to pretend that a whitelisting solution will give you 100% protection. So let’s take a shot at it: An executable file is a file which contains machine code intended to be run on the CPU. This looks right,…